Is there any way in which i can use the WHMCS API without displaying WHMCS to the clients and users.
I want my PHP scripts to first create a WHMCS client, add an order for the client and then copy some files to the client's directory.
But i don't want my clients to be able to login to their WHMCS panel or even be able to see the WHMCS
WHMCS has something called External API that will help you.
Here is the documentation. But for what you need yo should do this:
Connect to the API
$url = "http://www.yourdomain.com/includes/api.php"; # URL to WHMCS API file goes here
$username = "Admin"; # Admin username goes here
$password = "demoxyz"; # Admin password goes here
Add the Client
$postfields = array();
$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "addclient";
$postfields["firstname"] = "Test";
$postfields["lastname"] = "User";
$postfields["companyname"] = "WHMCS";
$postfields["email"] = "demo#whmcs.com";
$postfields["address1"] = "123 Demo Street";
$postfields["city"] = "Demo";
$postfields["state"] = "Florida";
$postfields["postcode"] = "AB123";
$postfields["country"] = "US";
$postfields["phonenumber"] = "123456789";
$postfields["password2"] = "demo";
$postfields["customfields"] = base64_encode(serialize(array("1"=>"Google")));
$postfields["currency"] = "1";
$query_string = "";
foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$jsondata = curl_exec($ch);
if (curl_error($ch)) die("Connection Error: ".curl_errno($ch).' - '.curl_error($ch));
curl_close($ch);
$arr = json_decode($jsondata); # Decode JSON String
print_r($arr); # Output XML Response as Array
Add the Order
$postfields = array();
$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "addorder";
$postfields["clientid"] = "1";
$postfields["pid"] = "1";
$postfields["domain"] = "whmcs.com";
$postfields["billingcycle"] = "monthly";
$postfields["addons"] = "1,3,9";
$postfields["customfields"] = base64_encode(serialize(array("1"=>"Google")));
$postfields["domaintype"] = "register";
$postfields["regperiod"] = "1";
$postfields["paymentmethod"] = "mailin";
$query_string = "";
foreach ($postfields AS $k=>$v) $query_string .= "$k=".urlencode($v)."&";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$jsondata = curl_exec($ch);
if (curl_error($ch)) die("Connection Error: ".curl_errno($ch).' - '.curl_error($ch));
curl_close($ch);
$arr = json_decode($jsondata); # Decode JSON String
print_r($arr); # Output XML Response as Array
Then you can copy the files to the client's directory. Hope it helps!
Related
below is the code that I try to login on the site. I do not know what does not work, the site probably changed something and that I do not work for me. I have no idea what could be.
$var = file_get_contents("http://www.dauanunt.ro/cont/login");
$q = explode("name=\"q\" value=\"",$var);
$q = explode("\" />",$q[1]);
$q = $q[0];
$ga_bi['a'] = 'login';
$ga_bi['q'] = $q;
$ga_bi['h'] = '';
$ga_bi['u'] = 'gabrielaromania66#gmail.com';
$ga_bi['p'] = 'testing';
$ga_bi['r'] = '1';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.dauanunt.ro/cont/login');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, "http://www.dauanunt.ro");
curl_setopt($ch, CURLOPT_POSTFIELDS, $ga_bi);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
I don't think there's any coding error. It looks like the website you are trying to login is adding extra steps during the login.
http://www.dauanunt.ro/c/login5.js
I'm having trouble scraping an ASPX.NET website. Even after searching through stackoverflow I haven't been able to find a fix.
First off, this is a public accessible website that I'm trying to scrape so that I can email myself a copy occasionally in order to not bother having to go there with a browser.
My code goes so far as to capture the __VIEWSTATE and __EVENTVALIDATION but when I submit the form I get the "Validation of viewstate MAC failed" error.
Any ideas?
<?php
require_once ("simple_html_dom.php");
ini_set('display_errors', 'On');
error_reporting(E_ALL);
// Create curl connection
$url = 'http://www.ariautodirect.com/ui/index.aspx';
$cookieFile = 'cookie.txt';
$ch = curl_init();
// We must request the login page and get the ViewState and EventValidation hidden values
// and pass those along in the post request.
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setOpt($ch, CURLOPT_REFERER, 'http://www.ariautodirect.com/ui/index.aspx');
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: http://www.ariautodirect.com', 'Host: www.ariautodirect.com'));
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);
$curl_scraped_page = curl_exec($ch);
// Grab ViewState and EventValidation data
$html = str_get_html($curl_scraped_page);
$viewState = $html->find("#__VIEWSTATE", 0);
$eventValidation = $html->find("#__EVENTVALIDATION", 0);
$previousPage = $html->find("#__PREVIOUSPAGE", 0);
//create array of data to be posted
// This matches exactly what I am seeing being posted when looking at Fiddler
$post_data['__EVENTTARGET'] = '';
$post_data['__EVENTARGUMENT'] = '';
$post_data['__VIEWSTATE'] = $viewState->value;
$post_data['__EVENTVALIDATION'] = $eventValidation->value;
$post_data['__PREVIOUSPAGE'] = 'Kn9nmdEGkbDIIX-v7Z_vg0t3njAt1lzkUm-uXH6djRcAGjPo6-w6RWKF3BBQz1ijEoJZGJVqOvHTqB5ghEU40C8xhnw1';//hard-coded because $previousPage->value throughs error
$post_data['ctl00$HeaderCtl1$LoginControl1$txtUserName'] = '';
$post_data['ctl00$HeaderCtl1$LoginControl1$txtPassword'] = '';
$post_data['ctl00$HeaderCtl1$LoginControl1$txtClientCode'] = '';
$post_data['ctl00$SearchCriteria1$drpDownMiles'] = '50';
$post_data['ctl00$SearchCriteria1$txtZipCode'] = '30301';
$post_data['ctl00$SearchCriteria1$ddlMake'] = 'All Makes ';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender1_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender2_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender3_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender4_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender5_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender6_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender7_ClientState'] = 'true';
$post_data['ctl00$SearchCriteria1$CollapsiblePanelExtender8_ClientState'] = 'true';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$drpDownMiles'] = '50';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$txtZipCode'] = '30301';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$btnSearch'] = 'Search';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$drpDownPageList'] = '100';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$txtVinSearch'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$SrtxtClientId'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$SrtxtVehicleNo'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$hdnSortYear'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$hdnSortModel'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$hdnSortMileage'] = '';
$post_data['ctl00$ContentPlaceHolder1$DataGridResults1$hdnSortPrice'] = '';
//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
$post_items[] = rawurlencode($key) . '=' . rawurlencode($value);
}
//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);
$post_string = http_build_query($post_data);
//Set options for post
$urlAcctSummary = "http://www.ariautodirect.com/ui/DisplayResults.aspx";
curl_setopt($ch, CURLOPT_URL, $urlAcctSummary);
curl_setOpt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: http://www.ariautodirect.com', 'Host: www.ariautodirect.com', 'Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setOpt($ch, CURLOPT_REFERER, 'http://www.ariautodirect.com/ui/index.aspx');
// Perform our post request
$curl_scraped_page = curl_exec($ch);
echo $curl_scraped_page;
curl_close($ch);
?>
I try this code in php but I don't solve!
$s = $motion = 1;
$camIp = "192.168.1.124";
$camUser = "admin";
$camPass = "gatelliHome";
$params = "ReplySuccessPage=motion.htm&ReplyErrorPage=motion.htm&MotionDetectionEnable=$motion&MotionDetectionSensitivity=85&ConfigSystemMotion=Save";
curl_setopt($ch, CURLOPT_URL, "http://$camIp/motion.cgi");
curl_setopt($ch, CURLOPT_USERPWD, "$camUser:$camPass");
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_exec($ch);
curl_close($ch);
I isn't certain the $url and $params are correct!
Can you help me?
I tryed to do this on my website and I have this code that works in one of my Joomla instalations but it doesn't work on another joomla instalation. On the instalation that doesn't work, the script does search the database and finds the user credentials but when it goes to mywebsite.com it doesn't log in the user. The users password is not encrypted, it's another field that I use only for this purpose. Can someone help me find out what's wrong?
<?php
mysql_connect("localhost", "sqluser", "sqlpass") or die(mysql_error());
mysql_select_db("sqldb") or die(mysql_error());
$uname = $_POST['username'];
$upswd = $_POST['password'];
$result_user = mysql_query("SELECT username FROM jos_users where username = '$uname'") or die(mysql_error());
$rows_user = mysql_num_rows($result_user);
$result_pass = mysql_query("SELECT vm_pass_lojat FROM jos_vm_user_info where vm_pass_lojat = '$upswd'") or die(mysql_error());
$rows_pass = mysql_num_rows($result_pass);
if($rows_user > 0){
if($rows_pass > 0){
$url = "http://www.mywebsite.com/online/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE);
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)){
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie = explode('=', $m[1]);
setcookie($cookie[0], $cookie[1]);
header("location: http://www.mywebsite.com/online/index.php");
}
else
{
echo "WRONG PASSWORD";
}
}
else
{
echo "NO USER FOUND";
}
?>
The authentication plugin in the backend might not be active.
So here is my code:
<?php
$url = "http://www.site.com/whcms/includes/api.php"; # This is not the original url, just an exapmle
$username = "user"; # Admin username goes here
$password = "pass"; # Admin password goes here
$postfields["username"] = $username;
$postfields["password"] = md5($password);
$postfields["action"] = "domainwhois"; #action performed by the API:Functions
$postfields["domain"] = "whmcs.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);
echo(var_dump($data));
?>
I get this: string(44) "result=error;message=Invalid IP 89.24.47.30;"
What I'm doing wrong?
Solution Found!
Go into the admin panel, General Settings -> Security and add the ip address